Description:
For this project, we are forming a team of 6 (including 1 team lead) to assist in a huge government project to perform the following scope of works:
- Security Risk Assessment
- Security Policies, Standards, Guidelines, And Procedures Review
- Security Design
- Application Security
- Vulnerability Assessment and System Security Acceptance Testing
- Cloud Security
The selected candidate will be working collaboratively within the team to fulfil the project requirements. As such, there is no expectation for one individual to possess all skill sets in the 6 domains.
As an expert in Application Security, your role will focus on providing expert advice, conducting security assessments, and helping government teams build security into every stage of their software development lifecycle.
Responsibilities:
- Perform comprehensive risk assessments of development environments, DevOps workflows, and CI/CD processes.
- Perform security assessments, threat modelling, and code reviews to identify vulnerabilities in applications.
- Review and recommend improvements in areas such as identity and access management, network security, secure SDLC practices, source code management, cryptographic key handling, and data protection.
- Guide application teams on adopting secure development practices and integrating security tools such as SAST, DAST, and VAPT into their workflows.
- Review existing CI/CD pipelines from a security perspective and provide expert recommendations to align with DevSecOps principles.
- Mentor and advise internal teams on secure coding practices across various platforms and languages (e.g., JavaScript, Node.js, Java, C#, Python, etc.).
- Develop and maintain secure coding guidelines and security standards.
- Collaborate with development teams to remediate security issues and provide guidance on secure coding practices.